Secondly, a major problem is that many of the groups of consultants need to run their VPN clients to get full access to their company network and systems required to do their job for ACME. And even though these consultants are on our VLAN they are still behind one of our firewalls. The problem is that the consultants don???t need plain Internet access and we only have minimal ports open to the outside such as 80 and 443 and a few others. I am astounded at how many ports some of these VPNs require open. Check out the ports required to be open for just one of the consultant VPN clients: IP Protocol 50 and 51 (IPSEC Encapsulating Security Payload Protocol). TCP Port 264 and 256 (Topology Requests and Updates). UDP Port 500 and 259 (IPSEC Internet Key Exchange)
I prefer terminal services or Citrix to support remote users but I do realize that many consultants live out of their suitcases and their laptops are important islands of information, versus at ACME where we strive to keep our corporate data on the corporate systems versus on laptops/desktops. So these consultants need more than the typical access from their laptops to their company systems remotely.
A related rant, and I would really rant if I was a consultant, is that many of these folks don???t get the proper support they need to work as a consultant. One guy noted that his company only allows 200mb storage on their email server, his mailbox fills up every several days due to files he has to exchange with our finance staff. We do have a secure collaborate site accessible via our intranet to support this project and the consultants can hit it too, but people still send around large attachments, multiple versions of them daily. This same consultant noted that his firm only provides 100mb of storage on their file server, amazing. So this guy and his fellow consultants from the same firm have to store almost all their files on their hard disk drives. One consultant firm does over-the-wire backups of a set area of all employee laptop drives, but unfortunately this guy is not with that firm. So oddly enough he is on his own to backup his hard disk drive. Makes me happy how we support our remote ACME employees way better.